Change the domain name and the ASP script name and path and it will allow a client to read your ASP source code, this is a well known vulnerabillity, but I was surprised it still works on NT4 SP6a and all hotfixes applied to date !<BR><BR> Full<BR><BR>Cheers. Interested to hear if anyone else has this problem, exactly what HotFix do I Need ???